github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d4925ce8f830b98baef48d5ba5a2da87f776359f
kubernetes/pkg
History
Akihiro Suda c7f52b34f3 kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
..
api
pod: dropDisabledFields: recognize RecursiveReadOnlyMounts
2024-03-09 09:48:12 +09:00
apis
api: validate RecursiveReadOnlyMounts
2024-03-10 02:59:30 +09:00
auth
Merge pull request #105598 from gy95/match
2022-01-05 09:22:38 -08:00
capabilities
client
Move cri/streaming to k8s.io/kubelet staging repository
2023-06-05 08:08:18 +02:00
cloudprovider
Drop vsphere cloud provider
2024-01-23 19:57:01 -05:00
cluster/ports
Webhook framework for cloud controller manager
2023-03-14 23:28:05 +00:00
controller
Merge pull request #123826 from tenzen-y/use-fake-client-job-unit
2024-03-08 15:11:13 -08:00
controlplane
feat: implements Storage Version Migration API in-tree
2024-03-08 04:18:56 +00:00
credentialprovider
chore: Cleanup in-tree credential provider azure and cloud provider azure
2024-01-20 15:18:31 +08:00
features
pkg/features: add RecursiveReadOnlyMounts
2024-03-09 09:48:10 +09:00
fieldpath
Improved FormatMap: Improves performance by about 4x, or nearly 2x in the worst case (#112661)
2023-03-01 22:26:55 -08:00
generated
api: KEP-3857: Recursive Read-only (RRO) mounts
2024-03-09 09:48:12 +09:00
kubeapiserver
feat: implements Storage Version Migration API in-tree
2024-03-08 04:18:56 +00:00
kubectl
feat: implements Storage Version Migration API in-tree
2024-03-08 04:18:56 +00:00
kubelet
kubelet: KEP-3857: Recursive Read-only (RRO) mounts
2024-03-10 03:00:59 +09:00
kubemark
Fix permission denied error
2024-02-16 09:57:18 -08:00
printers
feat: implements Storage Version Migration API in-tree
2024-03-08 04:18:56 +00:00
probe
cleanup: omit comparison with bool constants
2023-09-05 10:24:38 +08:00
proxy
Change kube-proxy behaviour to consider hints when ServiceTrafficDistribution feature gate is enabled
2024-03-03 22:46:03 -08:00
quota/v1
api: introduce separate VolumeResourceRequirements struct
2023-08-21 15:31:28 +02:00
registry
node: dropDisabledFields: recognize RecursiveReadOnlyMounts gate
2024-03-09 09:48:13 +09:00
routes
Add api-machinery TL owners permissions for jpbetz
2023-05-15 11:09:54 -04:00
scheduler
dra scheduler: consider in-flight allocation for resource calculation
2024-03-07 22:26:16 +01:00
security
Separate feature-gate for AppArmor fields
2024-03-06 10:46:32 -08:00
securitycontext
add SeccompProfile to Pod and Container accessors/mutators
2023-02-22 17:15:27 +01:00
serviceaccount
jwt: strictly support compact serialization only
2024-02-27 17:16:08 -05:00
util
Retool typecheck to be simpler
2024-02-29 22:07:00 -08:00
volume
Merge pull request #123446 from linxiulei/hit_cache
2024-03-04 10:24:45 -08:00
windows/service
.import-restrictions
cmd/api/testing no longer overrides pkg's rules
2020-04-28 08:46:49 -07:00
OWNERS
lavalamp is taking a long break
2023-05-11 16:43:38 +00:00